Central Risk Management System

Internal Control System (ICS)

With the Group-wide implementation of the ICS, MAN ensures that business activities are executed completely, correctly, promptly and efficiently based on appropriate organizational measures and controls according to the corresponding legal requirements and internal policies. The ICS secures the business processes at functional and transactional level and supplements the regular GRC process.

The internal controls mitigate process-inherent systemic risks. The ICS is supposed to minimize risks of material misstatements in financial reporting and of non-compliance with regulations and internal policies as well as of operating processes (e.g. as a result of unauthorized operating decisions).

The ICS is regularly reviewed regarding the completeness, appropriate design, and effectiveness of the existing controls. This aims at ensuring compliance at all levels of the MAN Group with existing regulations that are directed to reduce process-related and organizational risks.

Roles and responsibilities

The ICS Managers in the subgroups and ICS Coordinators in the MAN entities are responsible for the implementation of the ICS relevant processes. The respective process owners ensure that all risks involved in the processes in their area of responsibility are identified, documented, and that they are covered by the relevant controls. In addition, they are responsible for the definition and implementation of measures to eliminate possible control weaknesses. The control owners perform the controls and inform the process owners about possible control weaknesses.

The effectiveness of the ICS is monitored in multiple steps. The process owners review the controls on a regular basis to check that they are up-to-date (Test of Design). Furthermore, internal testers perform efficacy tests in order to review the controls‘ effectiveness in reality. As part of the annual financial audit, the external auditor reviews the regularity of the ICS. In addition, the Corporate Audit department also reviews the ICS.

The results of these continuous audits and reviews are regularly presented to internal bodies and measures for further developing the ICS are initiated.